In this article, I’ve put together some solutions to common performance problems with RDS servers or published RemoteApp that I’ve encountered in my infrastructure. Before implementing any of the solutions or workarounds, check if it is suitable for your infrastructure and environment.
Fixing RDS Performance on Windows Server 2016/2019 with UPD
RDS servers running Windows Server 2019/2016 with a large number of users may experience slow performance when using User Profile Disks.
The problem is that new inbound and outbound rules are created in Windows Defender Firewall every time a user logs in. Those firewall rules are not automatically removed when the user logs out.
Over time, a lot of duplicate rules appear in the firewall, which leads to a dramatic decrease in performance of the RDS server (slow login, RDS hosts freeze, menus don’t open, and the Start button does not appear).
Check the number of rules in Windows Defender Firewall using the PowerShell command:
(Get-NetFirewallRule).count
In my case, one of the RDS hosts had 18,000 firewall rules! These rules are created for Windows UWP Store apps each time a user signs in.
To fix the issue, you must first install the latest security updates for your version of Windows Server (at least KB4467684 on Windows Server 2016 and KB4490481 for Windows Server 2019). Then create the following registry parameter on your RDSH:
- Reg key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
- Type: REG_DWORD
- Property: DeleteUserAppContainersOnLogoff
- Value:
1
You can create a registry property using the PowerShell command:
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" -Type DWord -Name DeleteUserAppContainersOnLogoff -Value 1
Don’t forget to manually clear the inbound and outbound rules in Windows Defender Firewall. If there are few firewall rules, you can use a PowerShell script from the TechNet thread (https://social.microsoft.com/Forums/Azure/en-US/992e86c8-2bee-4951-9461-e3d7710288e9/windows-servr-2016-rdsh-firewall-rules-created-at-every-login?forum=winserverTS).
Poor RDS/RemoteApp Performance Due to High Mouse Polling Rate
Many users complain about poor RDP session performance, high latency, and mouse lags after migrating the RDS farm to Windows Server 2019. The mouse is very slow to respond to movement, the cursor shakes, and freezes.
This problem can be related to the high DPI and polling rate settings of some optical mice (usually gaming mice). For example, the popular Logitech G203 mouse has a default polling rate of 1000 times per second (1000 Hz
). A high mouse polling rate seems to cause a high load on the RDP connection, and you may encounter lags when working with RemoteApps. If you reduce this value to 125 times per second (125 Hz), the mouse problem in the RDP session will disappear.
You can reduce the Polling Rate using the vendor’s mouse tools.
If you can’t reduce the polling rate, try to disable the mouse cursor shadow (uncheck the Enable pointer shadow option) and select the None scheme for the pointer in the mouse settings in the Windows Control Panel (main.cpl
).
Slow RemoteAPP, Mouse, and Menu Lags after Windows 10 Upgrade
Users may experience performance issues with RemoteApps published on Windows Server 2019/2016/2012R2 RDS servers after the Windows 10 build upgrade. RDS RemoteApps may start to work much slower, any action that is caused by a mouse click is performed (drawn) 2-3 times longer, and context menus in RemoteApps are displayed slowly (menu items blink, you have to click on them several times, sometimes they do not appear at all). Similar problems occurred when upgrading Windows 10 builds on clients to 1803 and 20H2.
Mstsc.exe
or RDCMan client.To work around this problem, you can try to change the value of the Use Advanced RemoteFX graphics for RemoteApp parameter to Disabled using the local GPO editor (gpedit.msc) (GPO section: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Session Environment).
However, there is also a workaround to replace the RDP client version with an older one. Because performance issues with RemoteApp have been encountered also in Windows 10 1709, it’s best to use RDP libraries from 1607 or 1703. The thing is that after upgrading the Windows 10 build, a new version of the RDP client is installed, which doesn’t work correctly with the programs published via RDS RemoteApp.
You can fix poor RemoteApp performance on clients by replacing the mstsc.exe and mstscax.dll files in the C:\Windows\System32 folder with the versions from a previous build of Windows 10 (1703 or 1607).
How to replace RDP client files in Windows 10?
- Close all RDP connections and running RemoteApp (it is better even to restart the computer);
- Download the archive with the versions of mstsc.exe and mstscax.dll from Windows 10 1607 build (mstsc-w10-1607.zip);
- Copy the original mstsc.exe and mstscax.dll files from the C:\windows\system32\ to the C:\BackUp using the commands:
md c:\backup\
copy C:\windows\system32\mstsc.exe c:\backup
copy C:\windows\system32\mstscax.dll c:\backup - Then you need to assign your account to the owner of the mstsc.exe and mstscax.dll files in the C:\windows\system32\ directory, disable inheritance and grant yourself the permissions to modify the files:
takeown /F C:\windows\system32\mstsc.exe
takeown /F C:\windows\system32\mstscax.dll
icacls C:\windows\system32\mstsc.exe /inheritance:d
icacls C:\windows\system32\mstscax.dll /inheritance:d
icacls C:\windows\system32\mstsc.exe /grant root:F
icacls C:\windows\system32\mstscax.dll /grant root:F
In this example, the name of the local account with administrator permissions is root. Replace it with your account name. - Replace the files in the C:\windows\system32\ directory with the files from the archive;
- Restore the original permissions on the copied files. To do this, enable inheritance of NTFS permissions and set the owner of the files to “NT Service\TrustedInstaller” using the ICACLS tool:
icacls C:\windows\system32\mstsc.exe /inheritance:e
icacls C:\windows\system32\mstscax.dll /inheritance:e
icacls C:\windows\system32\mstsc.exe /setowner "NT Service\TrustedInstaller" /T /C
icacls C:\windows\system32\mstscax.dll /setowner "NT Service\TrustedInstaller" /T /C - It remains to re-register the library::
regsvr32 C:\Windows\System32\mstscax.dll
This will temporarily fix the RemoteApp performance issue on Windows 10 clients.
7 comments
Hi there!
Thank you very much – this article leaded me to the right answer!
Disabling RemoteFX did the trick – but – curious as I’m, I investigated further.
RemoteFX is relaying on UDP as protokoll this is as far as I know the main difference (in network terms) using it.
So i checked the IPS log of my firewall – seeing that it’s detecting an UdpFlood against my RDP Host.
created an Exception > everything works fine now =)
Performed the icacls (results as your screenshots), but when i copy the new files (via an admin command prompt) access denied.
The issue has to do with mouse polling. Some mice have a polling over 1000, adjusted your mouse to 120hz makes the lag go away.
Thank you, this fixed it for my. Razer Naga is set to a default of 1000 Hz. After reducing the polling rate to 125 Hz RemoteApps are now working fine.
After I had replaced the files Windows Update is not able to install 2020-07 Cumulative Update in Win 10 2004, KB4565503. The installation reported 0x8007000D, c:\windows\logs\cbs\CBS.log gives the following error:
Error CSI 0000000f (F) Hydration failed for component Microsoft-Windows-TerminalServices-ClientActiveXCore, version 10.0.19041.388, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} on file mstscax.dll with NTSTATUS -1073283059[
Error CSI 00000010 (F) Matching binary mstscax.dll missing for component Microsoft-Windows-TerminalServices-ClientActiveXCore, version 10.0.19041.388, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}[gle=0x80004005]
[…]
Info CSI 00000015 Hashes for file member [l:11]’mstscax.dll’ do not match.
After restoring the Win10 2004 files I was able to install the 2020-07 CU.
Thank you, this trouble also applies to update Windows 10 20H2. After update from 1809 to 20H2 problem had appeared. Solved by performing the same steps as described in the article
If you are experiencing a problem with the opening time of Windows Server RDS sessions (sometimes taking more than a few minutes to open), this can be caused by a known RDS bug involving hundreds of duplicates in firewall rules.